Cybersecurity, Cloud Engineering, and AI blog

Zoom’s Significant Lack of Security Over Time

In March 2020, when the COVID-19 pandemic forced millions worldwide to transition to remote work, school, and social activities, Zoom became a household name almost overnight. With its user base skyrocketing from 10 million daily users in December 2019 to over 300 million by April 2020, Zoom faced unprecedented scrutiny, particularly concerning its security and privacy practices.

The Initial Problems

Zoom’s meteoric rise wasn’t without significant challenges. Security researchers and privacy advocates quickly discovered that Zoom’s initial approach to security was lackluster. Notably:

Misleading Encryption Claims: Zoom initially claimed to offer end-to-end encryption, a gold standard in secure communications. However, it was later revealed that Zoom’s encryption was not true end-to-end, meaning that while communications were encrypted during transit, Zoom’s servers had the potential to access unencrypted data.

Data Leaks and Unwanted Exposure: Zoom’s architecture allowed other meeting participants to see much more about users than expected. This included personal details that could be exploited in various ways.

Zoom Bombing: One of the most publicized issues was “Zoom bombing,” where uninvited participants would join Zoom meetings and share inappropriate content, leading to serious disruptions and privacy concerns. This was exacerbated by the fact that many users shared Zoom meeting links publicly without proper security measures in place.

Questionable Privacy Policies: Zoom’s privacy policies initially appeared to grant the company broad rights to user data, which alarmed privacy advocates and users alike. The lack of clarity on how user data could be used led to widespread concern.

Ongoing Concerns and New Issues

Despite these improvements, Zoom has continued to face challenges as new vulnerabilities and issues emerge:

  • MacOS Vulnerabilities: Security researchers found that Zoom’s installation process on MacOS exploited system permissions in ways that could be considered malicious. Zoom addressed this by making the installation process more transparent and secure.
  • Data Routing Through China: For a brief period, it was discovered that Zoom calls, even from non-Chinese users, were being routed through servers in China, raising concerns about potential surveillance. Zoom has since implemented measures to allow users to control the regions their data passes through.
  • Lawsuits and Settlements: Zoom has faced several lawsuits related to its security practices, including a significant settlement over the encryption and privacy concerns. These legal challenges have prompted further changes in how Zoom handles user data and security.

Conclusion

Josh Chapman has been referencing an article from Tom’s Hardware about security issues with Zoom since it was released. We think they’ve done a great job documenting all the security concerns, and their documentation is extensive – many pages long. To be clear, we recommend you try to avoid using Zoom at all costs in day-to-day life, and advise others to do the same due to its history of security vulnerabilities.

Check out the original Tom’s Hardware article – Source